selinux breaks revisor

Douglas McClendon dmc.fedora at filteredperception.org
Fri Jan 25 00:59:47 UTC 2008


Daniel P. Berrange wrote:

> 
> Plain QEMU is unusably slow for doing any real work - particularly compute
> and disk intensive stuff like builds / composes.

Takes 12 hours to compose my 1G LiveDVD, involving a full anaconda http 
install under qemu, followed by mksquashfs of the result.  Honestly I do 
a lot of data shuffling, and think that I could probably halve that time 
if I wasn't more interested in further functionality at the moment than 
I am in performance.

I'll take that 12 hours over the 1hr for livecd-creator any day of the 
week, knowing that I'm not running about 1000 rpm post install scripts 
under the limited protection of a chroot with selinux disabled. 
Combined with the comfort of knowing that if I do a compose on a 
different piece of hardware, that those 1000 scripts will have no chance 
to sneakily incur any host build dependencies based on their access to a 
random /proc (as opposed to the consistency of always identical qemu /proc).

You may call 12 hours for a compose unusably slow.  I don't.  And 
computers and software get improved all the time, so maybe in 3 years, 
that 12 hours will just become "order a pizza and wait for the results".

works for me.

$0.02

-dmc



  You need KVM for it to be
> viable, which restricts you to i686 / x86_64 currently, and possibly adding
> ia64 & ppc64 in the medium-term future. No work on sparc/arm, and no clue
> about s390.
> 
> Dan.




More information about the fedora-devel-list mailing list